Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/KVMzJG-tiBiXKGfDbX7s-fqSUcs.roa
File: KVMzJG-tiBiXKGfDbX7s-fqSUcs.roa (raw, json)
Hash identifier: izdiO/l04uY0Tl9GP7xbaa4HsWMYkrOgbs0SiG0a1K8=
Subject key identifier: 29:53:33:24:6F:AD:88:18:97:28:67:C3:6D:7E:EC:F9:FA:92:51:CB
Certificate issuer: /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial: 01942521686775524A719E747990802147ED
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/KVMzJG-tiBiXKGfDbX7s-fqSUcs.roa
Signing time: Thu 02 Jan 2025 03:48:53 +0000
ROA not before: Thu 02 Jan 2025 03:48:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29286
IP address blocks: 185.4.88.0/22 maxlen: 24
193.92.8.0/22 maxlen: 22
193.92.8.0/24 maxlen: 24
193.92.9.0/24 maxlen: 24
193.92.10.0/24 maxlen: 24
193.92.11.0/24 maxlen: 24
194.219.218.0/23 maxlen: 24
213.16.192.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:68:67:75:52:4a:71:9e:74:79:90:80:21:47:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
Validity
Not Before: Jan 2 03:48:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=295333246fad8818972867c36d7eecf9fa9251cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:91:4d:54:b1:3c:40:9b:60:41:46:65:62:42:
14:a9:d8:91:74:14:e4:df:d9:de:83:f7:ac:eb:18:
14:5d:67:72:42:54:23:48:b0:20:3f:a0:28:6c:3d:
f3:6b:62:84:e7:fe:e7:80:ca:d5:f0:a7:cb:56:1d:
cf:e6:11:ba:e9:7c:ca:22:38:30:3f:63:b4:a8:ff:
79:6c:40:72:6e:e5:96:49:2e:36:bc:d6:45:3c:fd:
2b:0e:df:f8:d1:52:88:5c:be:74:8f:53:f9:02:cb:
24:0c:c9:35:a4:5a:d7:21:1a:f7:43:65:e9:b1:d7:
55:0c:1d:33:96:6f:b9:cc:bd:c2:bc:dd:02:44:98:
2d:c6:54:81:1e:f8:fd:13:1d:bd:ff:87:98:f0:50:
8b:95:6f:0a:50:6a:82:fb:86:4a:28:ac:f4:04:2c:
9b:d4:fb:d8:1a:8c:c7:06:53:23:5d:ea:48:7b:fe:
6b:66:95:0e:4a:f1:f1:35:85:4b:87:f2:a7:55:a4:
fb:93:f1:60:9e:5c:2f:32:96:e5:c8:9f:bb:c4:7c:
f5:e7:3e:98:44:30:54:4f:cb:7e:33:5b:cd:fc:c2:
d3:26:68:d5:bd:a3:92:8e:3a:da:6e:09:83:fb:b0:
04:ad:12:7d:2d:c5:4e:aa:54:af:41:9f:39:59:be:
16:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:53:33:24:6F:AD:88:18:97:28:67:C3:6D:7E:EC:F9:FA:92:51:CB
X509v3 Authority Key Identifier:
keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/KVMzJG-tiBiXKGfDbX7s-fqSUcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.4.88.0/22
193.92.8.0/22
194.219.218.0/23
213.16.192.0/20
Signature Algorithm: sha256WithRSAEncryption
5d:e2:c2:ef:20:18:14:06:a0:f9:e7:d2:4b:b0:bd:eb:9e:fe:
ba:81:c2:30:aa:2e:05:d7:2e:cc:78:7f:e0:0e:52:49:12:a1:
db:f8:08:43:c5:9d:6e:bd:e2:a4:ff:ba:30:54:d8:8c:c1:22:
ac:a2:c5:bd:b9:90:a4:76:3f:e7:4b:32:56:5b:10:bc:70:a9:
3a:85:06:72:5c:38:dc:25:5f:f9:c8:ae:32:d5:09:82:e6:2d:
38:b7:c2:22:8f:cf:00:97:01:59:6a:07:b4:c7:ed:6d:5d:fd:
6e:71:cd:e9:c9:51:0e:27:a5:cc:50:94:e9:9b:f1:d4:bb:c5:
22:51:a8:3d:b3:bf:e5:fc:d0:c0:17:1e:69:f1:1b:cd:38:cd:
43:79:50:85:ad:a7:eb:04:b3:2e:27:9e:3e:39:6c:7f:26:58:
56:20:8a:7b:c1:5f:0f:95:be:f2:d3:cd:63:c5:fc:06:52:68:
0e:94:1a:63:08:4c:6e:d6:f4:fd:9a:cc:08:f3:ab:37:f3:fc:
b1:88:54:0f:a0:5b:2d:4b:b5:88:a3:68:da:2b:fd:28:2c:01:
b9:4b:4a:7e:34:af:24:3f:58:97:4a:bd:bf:e6:f6:e9:c3:60:
f2:bd:d3:8d:8e:21:8d:86:9f:ce:23:f3:b2:30:ba:49:a4:c1:
c0:46:c9:ba
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQlIWhndVJKcZ50eZCAIUftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTUzMzMyNDZmYWQ4ODE4OTcyODY3YzM2ZDdlZWNmOWZhOTI1MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJFNVLE8QJtgQUZlYkIUqdiRdBTk
39neg/es6xgUXWdyQlQjSLAgP6AobD3za2KE5/7ngMrV8KfLVh3P5hG66XzKIjgw
P2O0qP95bEBybuWWSS42vNZFPP0rDt/40VKIXL50j1P5AsskDMk1pFrXIRr3Q2Xp
sddVDB0zlm+5zL3CvN0CRJgtxlSBHvj9Ex29/4eY8FCLlW8KUGqC+4ZKKKz0BCyb
1PvYGozHBlMjXepIe/5rZpUOSvHxNYVLh/KnVaT7k/FgnlwvMpblyJ+7xHz15z6Y
RDBUT8t+M1vN/MLTJmjVvaOSjjrabgmD+7AErRJ9LcVOqlSvQZ85Wb4WewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFClTMyRvrYgYlyhnw21+7Pn6klHLMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvS1ZNekpHLXRpQmlYS0dmRGJYN3MtZnFTVWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCuQRYAwQC
wVwIAwQBwtvaAwQE1RDAMA0GCSqGSIb3DQEBCwUAA4IBAQBd4sLvIBgUBqD559JL
sL3rnv66gcIwqi4F1y7MeH/gDlJJEqHb+AhDxZ1uveKk/7owVNiMwSKsosW9uZCk
dj/nSzJWWxC8cKk6hQZyXDjcJV/5yK4y1QmC5i04t8Iij88AlwFZage0x+1tXf1u
cc3pyVEOJ6XMUJTpm/HUu8UiUag9s7/l/NDAFx5p8RvNOM1DeVCFrafrBLMuJ54+
OWx/JlhWIIp7wV8Plb7y081jxfwGUmgOlBpjCExu1vT9mswI86s38/yxiFQPoFst
S7WIo2jaK/0oLAG5S0p+NK8kP1iXSr2/5vbpw2DyvdONjiGNhp/OI/OyMLpJpMHA
Rsm6
-----END CERTIFICATE-----
Generated at Sat Apr 12 03:59:48 2025 by rpki-client